package com.dk.config;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

//shiro的核心配置类
@Configuration
public class ShiroConfig {

    //创建过滤器工厂类
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Autowired DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiro = new ShiroFilterFactoryBean();
        shiro.setSecurityManager(defaultWebSecurityManager);

        //过滤器链 anon : 无需登录就可以访问  authc : 需要登录才能访问 perms : 登录后必须授权才能访问 role : 登陆后必须有这个角色才行
        Map<String, String> map = new LinkedHashMap<>();//存取有序  因为是单链表存储 linked

        //设置放过的连接
        //map.put("/shiroController/toindex","anon");
        //map.put("/indexController/select","anon");

        //放过登录方法
        map.put("/css/**","anon");
        map.put("/img/**","anon");
        map.put("/js/**","anon");
        map.put("/plugins/**","anon");

        //给修改设置权限 perms是登陆后,[]里面的意思是必须有一定的权限,可以有多个参数,也就是有多个权限,这个方法会自动跳到自定义的登录授权类授权方法
//        map.put("/menuController/menushow","perms[menushow_perm]");
//        map.put("/roleController/toshow","perms[toshow_perm]");
//        map.put("/personController/toshow","perms[toshow_perm]");
//        map.put("/roleController/toinsert","perms[toinsert_perm]");

        //退出登录 logout
        map.put("/logout","logout");

        //其他的全部拦截
//        map.put("/**","authc");
        //拦截后设置跳转到登录页面
        shiro.setLoginUrl("/loginController/toLogin");

        //设置没有权限的跳转业面
        shiro.setUnauthorizedUrl("/unauthorized");

        //设置过滤器链
        shiro.setFilterChainDefinitionMap(map);
        return shiro;
    }

    //创建安全管理器SecurityManager
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(@Autowired LoginUserRealm loginUserRealm){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(loginUserRealm);
        return defaultWebSecurityManager;
    }

    @Bean
    public LoginUserRealm loginUserRealm(@Autowired HashedCredentialsMatcher matcher){
        LoginUserRealm loginUserRealm = new LoginUserRealm();
        //设置shiro的加密方式,里面需要一个关于密码加密的对象,并且放在容器中
        loginUserRealm.setCredentialsMatcher(matcher);
        return loginUserRealm;
    }

    //密码加密
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        //创建完对象以后,需要对几个方法进行设置
        //设置加密的编码
        matcher.setStoredCredentialsHexEncoded(true);
        //设置加密几次
        matcher.setHashIterations(5);
        //设置加密方式
        matcher.setHashAlgorithmName("MD5");
        return matcher;

    }
}
